What was the draft encryption policy and why it was withdrawn?

All messaging services like WhatsApp, Viber, Google Chat, Yahoo messenger use encrypted services

Nandita Mathur
Updated22 Sep 2015, 03:15 PM IST
Wikipedia defines encryption as the process of encoding messages or information in such a way that only authorised parties can read it. Photo: Pradeep Gaur/Mint <br />
Wikipedia defines encryption as the process of encoding messages or information in such a way that only authorised parties can read it. Photo: Pradeep Gaur/Mint

New Delhi: The draft Encryption Policy released by the Department of Electronics and Information Technology (Deity) late last week drew flak from both the media and netizens, raising concerns over privacy and over-reach of the state. In view of the concerns, the government on Tuesday withdrew it and asked the Deity to redraft it.

What is Encryption?

Wikipedia defines encryption as the process of encoding messages or information in such a way that only authorised parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption key generated by an algorithm, which it turn generates a ciphertext that can only be read if decrypted. In principle, it is possible to decrypt the message without possessing the key, but for a well-designed encryption scheme, large computational resources and skill are required. An authorised recipient can easily decrypt the message with the key, but unauthorised interceptors can’t.

All messaging services like WhatsApp, Viber, Google Chat, Yahoo messenger use encrypted services. For instance, when a WhatsApp message is sent, it’s automatically encrypted or turned into scrambled text, which is then unscrambled for the recipient. This encryption happens automatically using keys at both ends of the conversation and users don’t play a role in this. Banks and e-commerce sites also use encryption to protect financial and private data including passwords.

How did encryption originate?

The Premable to the draft policy states that encryption technology was traditionally deployed most widely to protect the confidentiality of military and diplomatic communication. However, the revolution in Internet technology, proliferation of online apps for communication and subsequent increase in their usage, expanded the scope of encryption to e-commerce and e-governance civilian applications. This further led to the need to protect privacy and increase the security of the Internet and associated information systems and develop policies that favour the spread of encryption worldwide. The Information Technology Act 2000 provides for prescribing modes or methods for encryption (Section 84A) and for decryption (Section 69).

What was the draft encryption policy?

According to the terms of the new draft encryption policy, “user shall reproduce the same Plain text and encrypted text pairs using the software/hardware used to produce the encrypted text from the given plain text. All information shall be stored by the concerned B/C (business/citizen) entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.”

This means that users would need to keep a record, till 90 days, of messages shared on social media and messaging services since these are encrypted. For companies that store private data it would mean storing passwords in plain text, which means private and confidential data will remain unencrypted and hence vulnerable for 90 days. This defeats the purpose of encryption which is to protect the confidentiality and integrity of information in transit and storage.

What were the concerns raised?

The biggest concern of this new policy is around the fact that users and organizations would “on demand” need to store all communication in plain text for 90 days from the date of transaction and make it available to law enforcement agencies in line with the provisions of the laws of the country. According to Medianama founder and volunteer for ‘Save The Internet’ forum Nikhil Pahwa, at least 99.99% users in India do not know the meaning of plain text and in such a case they can be held liable for not storing their encrypted data in plain text format. Pahwa also expressed concern over manipulation of plain text data by hackers.

Another term that stirred a controversy is that in case of communication with any foreign entity, the primary responsibility of providing readable plaintext along with the corresponding encrypted information shall rest on the business or citizen located in India. Additionally, service providers located within and outside India, using encryption technology for providing any type of services in India, must enter into an agreement with the government.

This is seen as impractical as there are many service providers around the world that use encryption. It would seem highly unrealistic if all of these are required to enter into an agreement with the Indian government.

What invited further criticism is that the government proposed to prescribe the algorithms and key sizes for encryption. This implies government control over all data.

No wonder then that the new draft policy was seen as totalitarian in nature, as it seemed to view every individual in the country as a potential criminal. Pahwa also raises some serious questions in Medianama about how the Indian government expects users to know about all the communication taking place from their devices, given that most of the communication today is via apps or social media platforms.

Then, how will users be able to figure out if their messages are encrypted or not, how will they be able to store the plaintext version of the encrypted communication for 90 days, and on top of that, keep it away from potential hackers.

The government first issued an addendum to the draft policy, but later decided to redraft it.

Catch all the Politics News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.

MoreLess
First Published:22 Sep 2015, 03:15 PM IST
Business NewsPoliticsPolicyWhat was the draft encryption policy and why it was withdrawn?

Get Instant Loan up to ₹10 Lakh!

  • Employment Type

    Most Active Stocks

    Adani Power share price

    560.20
    03:59 PM | 28 NOV 2024
    36.4 (6.95%)

    Adani Ports & Special Economic Zone share price

    1,167.00
    03:43 PM | 28 NOV 2024
    -32.75 (-2.73%)

    Indian Oil Corporation share price

    137.80
    03:59 PM | 28 NOV 2024
    -1.15 (-0.83%)

    Adani Enterprises share price

    2,437.45
    03:59 PM | 28 NOV 2024
    39.1 (1.63%)
    More Active Stocks

    Market Snapshot

    • Top Gainers
    • Top Losers
    • 52 Week High

    Karur Vysya Bank share price

    239.10
    03:29 PM | 28 NOV 2024
    9.1 (3.96%)

    Laurus Labs share price

    551.45
    03:47 PM | 28 NOV 2024
    7.9 (1.45%)

    Computer Age Management Services share price

    4,896.45
    03:58 PM | 28 NOV 2024
    40.05 (0.82%)

    Eclerx Services share price

    3,455.55
    03:54 PM | 28 NOV 2024
    -7.6 (-0.22%)
    More from 52 Week High

    Amber Enterprises India share price

    5,991.45
    03:56 PM | 28 NOV 2024
    -481.35 (-7.44%)

    SBI Life Insurance Company share price

    1,427.95
    03:55 PM | 28 NOV 2024
    -77.55 (-5.15%)

    Max Financial Services share price

    1,128.60
    03:29 PM | 28 NOV 2024
    -59.3 (-4.99%)

    Triveni Turbines share price

    796.55
    03:58 PM | 28 NOV 2024
    -38.75 (-4.64%)
    More from Top Losers

    Honasa Consumer share price

    251.55
    03:54 PM | 28 NOV 2024
    22.85 (9.99%)

    ITI share price

    295.40
    03:56 PM | 28 NOV 2024
    19.65 (7.13%)

    Adani Power share price

    560.20
    03:59 PM | 28 NOV 2024
    36.4 (6.95%)

    Ujjivan Small Finance Bank share price

    35.88
    03:59 PM | 28 NOV 2024
    2.32 (6.91%)
    More from Top Gainers

    Recommended For You

      More Recommendations

      Gold Prices

      • 24K
      • 22K
      Bangalore
      77,535.00290.00
      Chennai
      77,541.00290.00
      Delhi
      77,693.00290.00
      Kolkata
      77,545.00290.00

      Fuel Price

      • Petrol
      • Diesel
      Bangalore
      103.02/L0.10
      Chennai
      100.90/L0.00
      Kolkata
      104.95/L0.00
      New Delhi
      94.77/L0.00

      Popular in Politics

        HomeMarketsPremiumInstant LoanMint Shorts